#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: ix-nfsd
# REQUIRE: ix-activedirectory

. /etc/rc.subr

hasspace()
{
	res=1
	if echo "${1}" | grep -qE ' +' 2>/dev/null; then
		res=$?
	fi

	return ${res}
}

setuser()
{
	local user="${1}"

	echo "\"${user}\"" | sed -E 's/\\/\\\\/'
}

setgroup()
{
	local group="${1}"

	echo "\"${group}\"" | sed -E 's/\\/\\\\/'
}

get_virtual_fqdn()
{
	RO_FREENAS_CONFIG=$(ro_sqlite ${name} 2> /tmp/${name}.fail && rm /tmp/${name}.fail)
	trap 'rm -f ${RO_FREENAS_CONFIG}' EXIT

	gc_hostname_virtual="$(${FREENAS_SQLITE_CMD} ${RO_FREENAS_CONFIG} \
		"SELECT gc_hostname_virtual FROM network_globalconfiguration ORDER BY -id LIMIT 1")"
	gc_domain="$(${FREENAS_SQLITE_CMD} ${RO_FREENAS_CONFIG} \
		"SELECT gc_domain FROM network_globalconfiguration ORDER BY -id LIMIT 1")"

	if [ -n "${gc_hostname_virtual}" -a -n "${gc_domain}" ]; then
		echo "${gc_hostname_virtual}.${gc_domain}"
		return 0
	fi

	return 1
}

#
# TODO: For now we overwrite /etc/exports, it's desirable to teach mountd about another
# place so user can write their own entry.
#
generate_nfsd_files()
{
	RO_FREENAS_CONFIG=$(ro_sqlite ${name} 2> /tmp/${name}.fail && rm /tmp/${name}.fail)
	trap 'rm -f ${RO_FREENAS_CONFIG}' EXIT
	rm /etc/exports
	rm -f /etc/nfsd.virtualhost
	local v4=0
	local use_krb=0
	local IFS="|"
	local f="id nfs_network nfs_hosts nfs_alldirs nfs_ro nfs_quiet nfs_maproot_user nfs_maproot_group nfs_mapall_user nfs_mapall_group nfs_security"
	eval local $f
	local sf=$(var_to_sf $f)
	if [ "$(${FREENAS_SQLITE_CMD} ${RO_FREENAS_CONFIG} "SELECT nfs_srv_v4 FROM services_nfs")" -eq 1 ]; then
		if [ "$(${FREENAS_SQLITE_CMD} ${RO_FREENAS_CONFIG} "SELECT nfs_srv_v4_krb FROM services_nfs")" -eq 1 ]; then
			# The user has required kerberos for NFSv4 in the GUI.  We aren't going
			# to check for a keytab, we'll just do what we are told.
			echo "V4: / -sec=krb5:krb5i:krb5p" > /etc/exports
			use_krb=1
		else
			krb=$(${FREENAS_SQLITE_CMD} ${RO_FREENAS_CONFIG} "SELECT COUNT() FROM directoryservice_kerberoskeytab")
			# The user has not forced kerberized NFSv4 only, so we'll look for
			# a keytab and if we find one turn on kerberized NFSv4.
			if [ "${krb}" = "0" ]; then
				echo "V4: / -sec=sys" > /etc/exports
			else
				echo "V4: / -sec=sys:krb5:krb5i:krb5p" > /etc/exports
				use_krb=1
			fi
		fi
		v4=1
	fi
	${FREENAS_SQLITE_CMD} ${RO_FREENAS_CONFIG} "SELECT $sf FROM sharing_nfs_share AS us ORDER BY us.id DESC" | \
	while eval read -r $f; do
		local path paths line
		paths=`${FREENAS_SQLITE_CMD} ${RO_FREENAS_CONFIG} "SELECT path FROM sharing_nfs_share_path AS usp WHERE share_id = ${id} ORDER BY usp.id DESC" | \
		while read -r path; do
			if [ -d ${path} ]; then
				echo -n "${path} "
			fi
		done`
		if [ -z "${paths}" ]; then
			continue
		fi
		line=${paths}
		if [ "${nfs_alldirs}" = "1" ]; then
			line="${line} -alldirs"
		fi
		if [ "${nfs_ro}" = "1" ]; then
			line="${line} -ro"
		fi
		if [ "${nfs_quiet}" = "1" ]; then
			line="${line} -quiet"
		fi
                if [ -n "${nfs_mapall_user}" -o -n "${nfs_mapall_group}" ]; then
			mapall_user=$(setuser "${nfs_mapall_user}")
			mapall_group=$(setgroup "${nfs_mapall_group}")
			line="${line} -mapall=${mapall_user}:${mapall_group}"
                else
                        if [ -n "${nfs_maproot_user}" -o -n "${nfs_maproot_group}" ]; then
				maproot_user=$(setuser "${nfs_maproot_user}")
				maproot_group=$(setgroup "${nfs_maproot_group}")
			        line="${line} -maproot=${maproot_user}:${maproot_group}"
                        fi
		fi
		if [ -n "${nfs_security}" -a ${v4} -eq 1 ]; then
			security=`echo ${nfs_security} | tr "," ":"`
			if [ -n "${security}" ]; then
				line="${line} -sec=${security}"
			fi
		fi
		local IFS="|"
		echo ${nfs_network} | tr " " "\\n" | \
		while read -r network; do
			if [ -n "${network}" ]; then
				echo "${line} -network ${network}"
			fi
		done

		if [ -n "${nfs_hosts}" ]; then
			echo "${line} ${nfs_hosts}"
		elif [ -z "${nfs_network}" ]; then
			echo "${line}"
		fi
	done >> /etc/exports

	if [ "${use_krb}" = "1" ]; then
		virtual_fqdn="$(get_virtual_fqdn)"
		if [ -n "${virtual_fqdn}" ]; then
			echo -n "${virtual_fqdn}" > /etc/nfsd.virtualhost
			service nfsd restart
			service gssd restart
		fi
	fi

	service mountd quietreload
}

name="ix-nfsd"
start_cmd='generate_nfsd_files'
stop_cmd=':'

load_rc_config $name
run_rc_command "$1"
